FROM {{ base_image }}:{{ base_distro_tag }}
LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build_date }}"

{% block base_lang %}
# NOTE(yoctozepto): use a UTF-8 (Unicode) locale like standard image installs do
# fixes issues arising from ascii fallback usage
ENV LANG en_US.UTF-8
{% endblock %}

{# NOTE(SamYaple): Avoid uid/gid conflicts by creating each user/group up front. #}
{# Specifics required such as homedir or shell are configured within the service specific image #}
{%- for name, user in users | dictsort() %}
{% if loop.first -%}RUN {% else %}    && {% endif -%}
    groupadd --force --gid {{ user.gid }} {{ name }} \
    && useradd -l -M --shell /usr/sbin/nologin --uid {{ user.uid }} --gid {{ user.gid }} {{ name }}
        {%- if not loop.last %} \{% endif -%}
{%- endfor %}

LABEL kolla_version="{{ kolla_version }}"

{% import "macros.j2" as macros with context %}
{% block base_header %}{% endblock %}

ENV KOLLA_BASE_DISTRO={{ base_distro }} \
    KOLLA_INSTALL_TYPE={{ install_type }} \
    KOLLA_INSTALL_METATYPE={{ install_metatype }} \
    KOLLA_DISTRO_PYTHON_VERSION={{ distro_python_version }} \
    KOLLA_BASE_ARCH={{ base_arch }}


#### Customize PS1 to be used with bash shell
COPY kolla_bashrc /tmp/
RUN cat /tmp/kolla_bashrc >> /etc/skel/.bashrc \
    && cat /tmp/kolla_bashrc >> /root/.bashrc

# PS1 var when used /bin/sh shell
ENV PS1="$(tput bold)($(printenv KOLLA_SERVICE_NAME))$(tput sgr0)[$(id -un)@$(hostname -s) $(pwd)]$ "

{% if base_package_type == 'rpm' %}
# For RPM Variants, enable the correct repositories - this should all be done
# in the base image so repos are consistent throughout the system.  This also
# enables to provide repo overrides at a later date in a simple fashion if we
# desire such functionality.  I think we will :)

{# FIXME(mgoddard): Remove special case for CentOS 8 when CentOS 7 is no #}
{# longer supported. #}
RUN CURRENT_DISTRO_RELEASE=$(awk '{match($0, /[0-9]+/,version)}END{print version[0]}' /etc/system-release); \
    if [  $CURRENT_DISTRO_RELEASE != "{{ supported_distro_release }}" ] && [ $CURRENT_DISTRO_RELEASE != 8 ]; then \
        echo "Only releases '{{ supported_distro_release }}' and '8' are supported on {{ base_distro }}"; false; \
    fi \
    && cat /tmp/kolla_bashrc >> /etc/bashrc \
    && sed -i 's|^\(override_install_langs=.*\)|# \1|' {% if distro_package_manager == 'dnf' %}/etc/dnf/dnf.conf{% else %}/etc/yum.conf{% endif %}

{% block base_yum_conf %}

{% if distro_package_manager == 'dnf' %}
COPY dnf.conf /etc/dnf/dnf.conf
{% else %}
COPY yum.conf /etc/yum.conf
{% endif %}

{% endblock %}

# Install what is needed for en_US.UTF-8
{% block base_centos_distro_sync_and_languages %}

{% if distro_package_manager == 'dnf' %}
    {% set base_centos_language_packages = [
        'langpacks-en',
        'glibc-all-langpacks'
    ] %}

RUN {{ macros.install_packages(base_centos_language_packages | customizable("centos_language_packages"), chain=True, clean=False) }} \
    && {{ macros.rpm_security_update(clean_package_cache) }}
{% endif %}

{% endblock %}

#### BEGIN REPO ENABLEMENT
{% set base_yum_repo_files = [
 ] %}

{% set base_yum_url_packages = [
] %}

{% set base_yum_repo_keys = [
] %}

{% if base_arch == 'x86_64' %}
    {% set base_yum_repo_files = [
        'grafana.repo',
        'influxdb.repo',
        'rabbitmq_rabbitmq-server.repo',
        'td.repo',
    ] %}
    # FIXME(mgoddard): Not available for CentOS 8 yet.
    {% if distro_package_manager == 'yum' %}
        {% set base_yum_repo_files = base_yum_repo_files + [
            'crmsh.repo',
            'elasticsearch.repo',
            'opendaylight.repo',
        ] %}
    {% endif %}

    {% set base_yum_repo_keys = [
        'https://packages.grafana.com/gpg.key',
        'https://repos.influxdata.com/influxdb.key',
        'https://packages.treasuredata.com/GPG-KEY-td-agent',
    ] %}
    # FIXME(mgoddard): Not available for CentOS 8 yet.
    {% if distro_package_manager == 'yum' %}
        {% set base_yum_repo_keys = base_yum_repo_keys + [
            'https://artifacts.elastic.co/GPG-KEY-elasticsearch',
        ] %}
    {% endif %}
{% elif base_arch == 'aarch64' %}
    {% set base_yum_repo_files = [
        'grafana.repo',
        'rabbitmq_rabbitmq-server.repo',
    ] %}
    # FIXME(mgoddard): Not available for CentOS 8 yet.
    {% if distro_package_manager == 'yum' %}
        {% set base_yum_repo_files = base_yum_repo_files + [
            'elasticsearch.repo',
        ] %}
    {% endif %}

    {% set base_yum_repo_keys = [
        'https://packages.grafana.com/gpg.key',
    ] %}
    # FIXME(mgoddard): Not available for CentOS 8 yet.
    {% if distro_package_manager == 'yum' %}
        {% set base_yum_repo_keys = base_yum_repo_keys + [
            'https://artifacts.elastic.co/GPG-KEY-elasticsearch',
        ] %}
    {% endif %}
{% elif base_arch == 'ppc64le' %}
    {% set base_yum_repo_files = [
        'rabbitmq_rabbitmq-server.repo',
    ] %}
    # FIXME(mgoddard): Not available for CentOS 8 yet.
    {% if distro_package_manager == 'yum' %}
        {% set base_yum_repo_files = base_yum_repo_files + [
            'elasticsearch.repo',
        ] %}
    {% endif %}

    {% set base_yum_repo_keys = [
    ] %}
    # FIXME(mgoddard): Not available for CentOS 8 yet.
    {% if distro_package_manager == 'yum' %}
        {% set base_yum_repo_keys = base_yum_repo_keys + [
            'https://artifacts.elastic.co/GPG-KEY-elasticsearch',
        ] %}
    {% endif %}
{% endif %}

{%- for repo_file in base_yum_repo_files | customizable('yum_repo_files') %}
COPY {{ repo_file }} /etc/yum.repos.d/{{ repo_file }}
{%- endfor %}

# NOTE(hrw): 'rabbitmq-server' is 'noarch' so we can install it on ppc64le from
# repo for other architecture.
# NOTE(mjturek): tripleo-ci overrides these repos so the file would not exist
# in that case. We test for the file's existence to avoid sed failing in that case.
{% if base_arch == 'ppc64le' %}
RUN if [[ -e /etc/yum.repos.d/rabbitmq_rabbitmq-server.repo ]]; then \
      sed -i -e 's/\$basearch/x86_64/g' /etc/yum.repos.d/rabbitmq_rabbitmq-server.repo; \
    fi
{% endif %}

{% block base_centos_repo_overrides_post_copy %}{% endblock %}

{{ macros.install_packages(base_yum_url_packages | customizable("yum_url_packages")) }}

{% for key in base_yum_repo_keys | customizable('yum_repo_keys') %}
{%- if loop.first %}RUN {% else %}    && {% endif -%}
    rpm --import {{ key }}
{%- if not loop.last %} \{% endif %}
{% endfor -%}

    {% if install_metatype in ['rdo', 'mixed'] %}

{% for cmd in rpm_setup %}
{{ cmd }}
{% endfor %}

{% block base_centos_repo_overrides_post_rpm %}{% endblock %}

    {% endif %}
    {# endif for repo setup for all RHEL except RHEL OSP #}

    {% if install_metatype == 'rhos' %}

{% block base_rhos_repo_enablement %}
# Turn on the RHOS 7.0 repo for RHOS
RUN yum-config-manager --enable rhel-7-server-rpms \
    && yum-config-manager --enable rhel-7-server-openstack-7.0-rpms
{% endblock %}

    {% endif %}

    {% if base_distro == 'centos' %}

{% block base_centos_gpg_key_import %}
{% if distro_package_manager == 'dnf' %}
RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
{% else %}
RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
{% endif %}
{% endblock %}

{% set base_centos_yum_repo_keys = [
] %}
# FIXME(mgoddard): Not available for CentOS 8 yet.
{% if distro_package_manager == 'yum' %}
    {% set base_centos_yum_repo_keys = base_centos_yum_repo_keys + [
        '/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-OpsTools',
        '/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Storage',
        '/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Virtualization',
    ] %}
{% endif %}

{% set base_centos_yum_repo_packages = [
    'epel-release',
] %}
# FIXME(mgoddard): Not available for CentOS 8 yet.
{% if distro_package_manager == 'yum' %}
    {% set base_centos_yum_repo_packages = base_centos_yum_repo_packages + [
        'centos-release-ceph-nautilus',
        'centos-release-opstools',
        'centos-release-qemu-ev',
    ] %}
# FIXME(mnasiadka): Replace with CentOS Storage SIG packages when avail
{% else %}
COPY ceph_master.repo /etc/yum.repos.d/
RUN export CEPH_MASTER_REPO=$(curl -s https://shaman.ceph.com/api/search/\?status\=ready\&project\=ceph\&ref\=master\&flavor\=default\&distros\=centos/8\&sha1\=\latest | awk -F'{|: |,|"|}' '{for(i=1;i<=NF;i++) {gsub(" ",""); if($i == "url") {print $(i+2)}}}') \
    && sed -i "s|CHACRA_URL|${CEPH_MASTER_REPO}|g" /etc/yum.repos.d/ceph_master.repo
{% endif %}

{% if distro_package_manager == 'dnf' %}
    # We need 'dnf-plugins-core' for 'dnf config-manager'
    {% set base_centos_yum_repo_packages = base_centos_yum_repo_packages + [
        'dnf-plugins-core'
    ] %}
    {% set base_centos_yum_repos_to_enable = [
        'PowerTools'
    ] %}
{% else %}
    {% set base_centos_yum_repo_packages = base_centos_yum_repo_packages + [
        'yum-plugin-priorities',
    ] %}
{% endif %}

{% set base_centos_yum_repos_to_disable = [
    'influxdb',
] %}
# FIXME(mgoddard): Not available for CentOS 8 yet.
{% if distro_package_manager == 'yum' %}
    {% set base_centos_yum_repos_to_disable = base_centos_yum_repos_to_disable + [
        'centos-ceph-nautilus',
        'centos-nfs-ganesha28',
        'centos-qemu-ev',
    ] %}
{% else %}
    # FIXME(mgoddard): Remove when CentOS Storage SIG repo is available for CentOS 8
    {% set base_centos_yum_repos_to_disable = base_centos_yum_repos_to_disable + [
        'ceph',
        'ceph-noarch',
        'ceph-el8',
        'ceph-lab-extras',
    ] %}
{% endif %}

RUN {{ macros.install_packages(base_centos_yum_repo_packages | customizable("centos_yum_repo_packages"), chain=True, clean=False) }} \
{%- for repo in base_centos_yum_repos_to_enable | customizable('centos_yum_repos_to_enable') %}
{%- if distro_package_manager == 'dnf' %}
    && dnf config-manager --enable {{ repo }} \
{% else %}
    && yum-config-manager --enable {{ repo }} \
{% endif -%}
{% endfor -%}
{%- for repo in base_centos_yum_repos_to_disable | customizable('centos_yum_repos_to_disable') %}
{%- if distro_package_manager == 'dnf' %}
    && dnf config-manager --disable {{ repo }} \
{%- else %}
    && yum-config-manager --disable {{ repo }} \
{%- endif -%}
{%- endfor %}
{% for key in base_centos_yum_repo_keys | customizable('centos_yum_repo_keys') -%}
    && rpm --import {{ key }} \
{% endfor -%}
{% block base_centos_repo_overrides_post_yum -%}{% endblock -%}
    && {{ macros.rpm_security_update(clean_package_cache) }}

    {%- endif %}
    {# Endif for base_distro centos #}

    {% if base_distro == 'rhel' %}

{% block base_rhel_package_installation %}
# Enable couple required repositories for all RHEL builds
# Turn on EPEL throughout the build
RUN yum-config-manager --enable rhel-7-server-optional-rpms \
    && {{ macros.install_packages( ['yum-plugin-priorities' ], chain=True, clean=False) }} \
    {%- if install_type != 'binary' or install_metatype != 'rdo' %}
    && {{ macros.install_packages( [ 'https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm' ], chain=True, clean=False) }} \
    && rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7 \
    {% endif -%}
    && yum-config-manager --enable rhel-7-server-extras-rpms \
    && yum-config-manager --enable rhel-7-server-rhceph-2-osd-rpms \
    && yum-config-manager --enable rhel-7-server-rhceph-2-mon-rpms \
    && yum-config-manager --enable rhel-7-server-rhceph-2-tools-rpms \
    && {{ macros.rpm_security_update(clean_package_cache) }}
{% endblock %}

    {% endif %}
    {# Endif for base_distro RHEL #}

#### END REPO ENABLEMENT

{# We are back to the basic if conditional here which is:
    if base_package_type == 'rpm' #}

{% block base_redhat_binary_versionlock %}{% endblock %}

{% set base_centos_packages = [
        'ca-certificates',
        'curl',
        'findutils',
        'iproute',
        'iscsi-initiator-utils',
        'lvm2',
        'ncurses',
        'procps-ng',
        'socat',
        'sudo',
        'tar',
        'which'
] %}
{% if distro_python_version.startswith('3') %}
    {% set base_centos_packages = base_centos_packages + [
        'python3'
    ] %}
{% else %}
    {% set base_centos_packages = base_centos_packages + [
        'python'
    ] %}
{% endif %}
{% if distro_package_manager == 'dnf' %}
    {% set base_centos_packages = base_centos_packages + [
        'util-linux-user',
    ] %}
{% else %}
    {% set base_centos_packages = base_centos_packages + [
        'scsi-target-utils',
    ] %}
{% endif %}

# Install base packages
{{ macros.install_packages( base_centos_packages | customizable("centos_packages") | customizable("centos_binary_packages") | customizable("centos_source_packages") ) }}
{{ macros.disable_extra_repos('epel') }}

{# endif for base_package_type rpm #}
{% elif base_package_type == 'deb' %}
# Ensure lsb_release exists
{{ macros.install_packages(['lsb-release']) }}

RUN if [ $(lsb_release -r -s) != "{{ supported_distro_release }}" ]; then \
        echo "Only release '{{ supported_distro_release }}' is supported on {{ base_distro }}"; false; fi

# Customize PS1 bash shell
# enlarge 'system users' range so 'haproxy' package will not complain
# see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939470
RUN cat /tmp/kolla_bashrc >> /etc/bash.bashrc \
    && sed -i -e s/LAST_SYSTEM_UID=999/LAST_SYSTEM_UID=59999/g /etc/adduser.conf

# This will prevent questions from being asked during the install
ENV DEBIAN_FRONTEND noninteractive

# Reducing disk footprint
COPY dpkg_reducing_disk_footprint /etc/dpkg/dpkg.cfg.d/dpkg_reducing_disk_footprint

{% block base_ubuntu_package_pre %}
# Need apt-transport-https and ca-certificates before replacing sources.list or
# apt-get update will not work if any repositories are accessed via HTTPS
{% set base_ubuntu_package_pre_packages = [
    'apt-transport-https',
    'ca-certificates',
    'curl',
    'dirmngr',
    'gnupg'
] %}
{{ macros.install_packages(base_ubuntu_package_pre_packages | customizable("base_ubuntu_package_pre_packages")) }}
{% endblock %}

{% block base_ubuntu_package_sources_list %}
{% if base_distro == 'debian' or ( base_distro == 'ubuntu' and base_arch == 'x86_64' ) %}
COPY sources.list.{{ base_distro }} /etc/apt/sources.list
{% else %}
COPY sources.list.{{ base_distro }}.{{ base_arch }} /etc/apt/sources.list
{% endif %}
COPY sources.list /etc/apt/sources.list.d/kolla-custom.list
{% endblock %}

{% block base_debian_after_sources_list %}{% endblock %}

{% block base_ubuntu_package_apt_preferences %}
COPY apt_preferences.{{ base_distro }} /etc/apt/preferences
COPY apt_preferences /etc/apt/preferences.d/kolla-custom
{% endblock %}

{% set base_apt_packages = [
   'apt-utils',
   'curl',
   'gawk',
   'iproute2',
   'kmod',
   'lvm2',
   'netbase',
   'open-iscsi',
   'procps',
   'python3',
   'socat',
   'sudo',
   'tgt']
%}

{% if base_distro == 'ubuntu' %}
    {# 391A9AA2147192839E9DB0315EDB1B62EC4926EA -- Canonical Cloud Archive Signing Key <ftpmaster@canonical.com> #}
    {# 46095ACC8548582C1A2699A9D27D666CD88E42B4 -- Elasticsearch (Elasticsearch Signing Key) <dev_ops@elasticsearch.org> #}
    {# 49B07274951063870A8B7EAE7B8AA1A344C05248 -- Opendaylight Signing Key <https://launchpad.net/~odl-team> #}
    {# 58118E89F3A912897C070ADBF76221572C52609D -- Docker Release Tool (releasedocker) <docker@docker.com> #}
    {# 4D8EB5FDA37AB55F41A135203BF88A0C6A770882 -- Apache Qpid PPA Signing Key <dev@qpid.apache.org> #}
    {# 901F9177AB97ACBE                         -- Treasure Data, Inc (Treasure Agent Official Signing key) <support@treasure-data.com> #}
    {# A20F259AEB9C94BB                         -- Sensuapp (Freight) <support@hw-ops.com> #}
    {# F1656F24C74CD1D8                         -- MariaDB Signing Key <signing-key@mariadb.org> #}
    {% set base_apt_keys = [
      '391A9AA2147192839E9DB0315EDB1B62EC4926EA',
      '46095ACC8548582C1A2699A9D27D666CD88E42B4',
      '49B07274951063870A8B7EAE7B8AA1A344C05248',
      '58118E89F3A912897C070ADBF76221572C52609D',
      '4D8EB5FDA37AB55F41A135203BF88A0C6A770882',
      '901F9177AB97ACBE',
      'A20F259AEB9C94BB',
      'F1656F24C74CD1D8',
    ] %}
    {% set remote_apt_keys = [
      'https://packagecloud.io/rabbitmq/rabbitmq-server/gpgkey',
      'https://packages.grafana.com/gpg.key',
      'https://repos.influxdata.com/influxdb.key'
    ] %}
{% elif base_distro == 'debian' %}
    {% set base_apt_keys = [
      '46095ACC8548582C1A2699A9D27D666CD88E42B4',
    ] %}
    {% set remote_apt_keys = [
      'https://download.docker.com/linux/debian/gpg',
      'https://packages.grafana.com/gpg.key',
      'http://buster-train.debian.net/debian/dists/pubkey.gpg',
      'https://packages.treasuredata.com/GPG-KEY-td-agent',
    ] %}
    {% set base_apt_packages = base_apt_packages +
      ['sudo',]
    %}
{% endif %}

{% block base_ubuntu_package_installation %}
    {%- block base_ubuntu_package_key_installation %}
        {% for key in base_apt_keys | customizable('apt_keys') %}
            {%- if loop.first %}RUN {% else %} && {% endif %}apt-key adv --no-tty --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 {{ key }}
            {%- if not loop.last %} \
            {% endif -%}
        {% endfor %}
        {% for key in remote_apt_keys | customizable('remote_apt_keys') %}
            {%- if loop.first %} RUN {% else %} && {% endif %}curl -L {{ key }} | apt-key add -
            {%- if not loop.last %} \
            {% endif -%}
        {% endfor %}
    {% endblock %}
RUN apt-get update \
    && apt-get -y install locales \
    && sed -e "s/# $LANG UTF-8/$LANG UTF-8/g" /etc/locale.gen -i \
    && locale-gen "$LANG" \
    && apt-get -y upgrade \
    && apt-get -y dist-upgrade \
    && {{ macros.install_packages(base_apt_packages | customizable('apt_packages'), True) }}

{% endblock %}

{# endif base_package_type deb #}
{% endif %}

{% if base_distro == 'centos' or base_distro == 'rhel' %}
RUN sed -ri '/-session(\s+)optional(\s+)pam_systemd.so/d' /etc/pam.d/system-auth
{% endif %}

COPY set_configs.py /usr/local/bin/kolla_set_configs
{% if distro_python_version.startswith('3') %}
RUN sed -i -e "s+#\!/usr/bin/env python+#\!/usr/bin/env python3+g" /usr/local/bin/kolla_set_configs
{% endif %}
COPY start.sh /usr/local/bin/kolla_start
COPY copy_cacerts.sh /usr/local/bin/kolla_copy_cacerts
COPY httpd_setup.sh /usr/local/bin/kolla_httpd_setup
COPY sudoers /etc/sudoers
COPY curlrc /root/.curlrc

{% if use_dumb_init %}

{% block dumb_init_installation %}

RUN curl -sSL https://github.com/Yelp/dumb-init/releases/download/v1.2.2/dumb-init_1.2.2_{{debian_arch}} -o /usr/local/bin/dumb-init \
    && chmod +x /usr/local/bin/dumb-init

{% endblock %}

ENTRYPOINT ["dumb-init", "--single-child", "--"]

{% endif %}

{% if docker_healthchecks %}
{% block healthcheck_installation %}

COPY healthcheck_curl healthcheck_filemod healthcheck_listen healthcheck_port healthcheck_socket /usr/local/bin/
RUN chmod 755 /usr/local/bin/healthcheck_*

{% endblock %}
{% endif %}

RUN touch /usr/local/bin/kolla_extend_start \
    && chmod 755 /usr/local/bin/kolla_start /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_set_configs /usr/local/bin/kolla_copy_cacerts /usr/local/bin/kolla_httpd_setup \
    && chmod 440 /etc/sudoers \
    && mkdir -p /var/log/kolla \
    && chown :kolla /var/log/kolla \
    && chmod 2775 /var/log/kolla \
    && rm -f /tmp/kolla_bashrc

{% block base_footer %}{% endblock %}
CMD ["kolla_start"]
